I have a form that allows the user to delete users from a database based on the extension number they enter. Before they can delete anyone they go through a login page. Once they delete a user from the data we receive an email stating what extension number was deleted. Is there a way that I could add which user deleted the data from the table ?
(Please note, I am aware of SQL injection issues and the use of mysql is depreciated. I will change them to PDO or mysqli once I have this issue sorted)
Currently the email looks like:
Extension Number 4324 was removed from the extension list.
Can I make it:
Extension Number 4324 was removed from the extension list by James.
- CODE
The login form:
<html>
<head>
<title>Login</title> <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body id="body-color">
<div id="Sign-In">
<center><fieldset style="width:30%"><legend>Welcome Please Login Below</legend>
<form method="POST" action="connectivity.php">
Username: <br><input type="text" name="user" size="40"><br>
Password: <br><input type="password" name="pass" size="40">
<br>
<br>
<input id="button" type="submit" name="submit" value="Log-In">
</form>
</center>
</fieldset>
</div>
</body>
</html>
Connectivity.php
<?php
session_start();
define('DB_HOST', 'localhost');
define('DB_NAME', 'list');
define('DB_USER','root');
define('DB_PASSWORD','****');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user']; $Password = $_POST['pass'];
*/
function SignIn()
{
session_start();
if(!empty($_POST['user']))
{
$query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
$row = mysql_fetch_array($query);
if(!empty($row['userName']) AND !empty($row['pass']))
{
$_SESSION['userName'] = $row['pass'];
header("Location: index.php");
$_SESSION['CheckLogin'] = true;
}
else
{
header("Location: login.php");
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>
The Delete.php form
<?php
require ("database.php");
session_start();
if (!isset($_SESSION['CheckLogin'])) { header("Location: login.php"); }
if($_POST['action'])
{
$this_user_ext =$_GET['extension'];
// sending query
mysql_query("DELETE FROM users WHERE extension = '$this_user_ext'")
or die(mysql_error());
include('maildelete.php');
$extension=$_POST['extension'];
header("Location: index.php");
}
?>
<center><form action="" method="post">
Enter 4 Digit Extension Number :<br><input type="text" name="extension">
<br><h2><input type="submit" name="action" value="Delete Extension">
<br></h2>
<h3>
<a href="index.php"> Main Menu </a>
</h3>
</form>
</center>
and the maildelete.php
<?php
$extension = $_POST['extension'];
$department = $_POST['department'];
if ($_POST['department']=="IT DEPARTMENT") {
$address2="alpineit@alpinemotors.co.za";
}
require 'PHPMailer-master/PHPMailerAutoload.php';
$mail = new PHPMailer;
$mail->IsSMTP(); // telling the class to use SMTP
$mail->Host = "****"; // SMTP server // enables SMTP debug information
$mail->SMTPAutoTLS = false;
$mail->SMTPSecure = false;
$mail->SMTPAuth = true; // enable SMTP authentication
$mail->Host = "****"; // sets the SMTP server
$mail->Port = 587; // set the SMTP port for the GMAIL server
$mail->Username = "****"; // SMTP account username
$mail->Password = "****"; // SMTP account password
$mail->From = "no-reply@sdsads.co.za";
$mail->FromName = "Extension List";
$mail->AddAddress('jurgen@asdas.co.za', $address2, "");
$mail->isHTML(true);
$mail->Subject = 'Extension Deleted';
$mail->Body = "Extension Number " . $extension . " from the " . $department . " was removed from the Extension List";
if(!$mail->Send()) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $mail->ErrorInfo;
exit;
}
echo 'Email Sent Successfully!';
?>
